12273367

Correlated Risk in Cybersecurity

Published April 8, 2025
Assignee not available in USPTO data we have

Patent Claims
23 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method for quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the method comprising: executing a plurality of Monte Carlo simulations over a dependency graph that is based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein each of the plurality of Monte Carlo simulations executes by: generating a seed event in the dependency graph, the seed event having a probability distribution; and propagating disruption through the dependency graph based on the seed event; and terminating the respective Monte Carlo simulation when a threshold amount of loss is aggregated among two or more assets of the plurality of assets affected by the disruption is exceeded; assessing, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets; and aggregating the losses for the two or more assets of the plurality of assets to determine correlated risk in the network, wherein the dependency graph comprises (i) a plurality of edges representing the relationships between the plurality of assets, the at least one dependency, and the at least one entity and (ii) a plurality of nodes representing the plurality of assets, the at least one dependency, and the at least one entity, and wherein each edge has a conditional probability that the asset on a receiving node of a particular edge, of the plurality of edges, is compromised given that a providing node, of the plurality of nodes, is compromised.

2. The method of claim 1, wherein: each of the plurality of assets is selected from the group consisting of: Internet Protocol (IP) address, domain name, and server system; each of the at least one entity is selected from the group consisting of: a company and an organization; and each of the at least one dependency is selected from the group consisting of: hosting provider and software version.

3. The method of claim 1, further comprising: receiving information indicative of the relationships between the plurality of assets, the at least one dependency, and the at least one entity.

4. The method of claim 3, further comprising: storing the information indicative of the relationships between the plurality of assets, the at least one dependency, and the at least one entity in a database, wherein the information is at least one of the group consisting of: domain name system (DNS) record, server banner, traffic data, malware infection, and software version.

5. The method of claim 3, further comprising: observing traffic to and from a particular one of the plurality of assets in the network to identify at least one of (i) an entity and (ii) a dependency related to the particular asset.

6. The method of claim 3, wherein the information indicative of the relationships includes inter-business payment data.

7. The method of claim 1, wherein each of the plurality of assets is weighted according to its importance to the at least one entity having the asset.

8. The method of claim 1, further comprising: generating the dependency graph.

9. The method of claim 1, wherein the propagating disruption through the dependency graph based on the seed event further comprises: propagating disruption through the dependency graph until a threshold number of nodes is affected.

10. The method of claim 1, wherein the seed event is a breach or failure of the at least one dependency.

11. The method of claim 1, wherein the probability distribution is a probability that the asset will become unavailable if the at least one dependency fails.

12. The method of claim 1, further comprising: storing information related to the aggregated losses for the two or more assets of the plurality of assets in a database.

13. The method of claim 1, wherein the at least one entity comprises at least two entities, and a first asset of the two or more assets belongs to a first entity of the at least two entities and a second entity of the two or more assets belongs to a second asset of the at least two entities.

14. The method of claim 13, wherein at least one of the first and second assets belongs to another entity of the at least two entities.

15. The method of claim 13, further comprising: aggregating losses for two or more entities of the at least two entities to determine correlated risk in the network.

16. The method of claim 15, further comprising: storing information related to the aggregated losses for the two or more entities of the at least two entities in a database.

17. The method of claim 13, wherein each of the at least two entities is assigned to at least one portfolio, and wherein the method further comprises: aggregating losses for two or more portfolios of the at least one portfolio to determine correlated risk in the network.

18. The method of claim 17, further comprising: storing information related to the aggregated losses for the two or more portfolios of the at least one portfolio in a database.

19. The method of claim 1, wherein the aggregating losses for the two or more assets of the plurality of assets to determine correlated risk in the network further comprises: aggregating losses in a nonlinear sum for the two or more assets of the plurality of assets.

20. The method of claim 1, wherein a number of the plurality of Monte Carlo simulations is selected to reduce a statistical variance of the plurality of Monte Carlo simulations.

21. The method of claim 1, wherein the executing a plurality of Monte Carlo simulations over the dependency graph further comprises: comparing a statistical variance to a threshold; and terminating the plurality of Monte Carlo simulations when the statistical variance is equal to or less than the threshold.

22. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a computer, cause the computer to: execute, for a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, a plurality of Monte Carlo simulations over a dependency graph that is based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein each of the plurality of Monte Carlo simulations executes by: generating a seed event in the dependency graph, the seed event having a probability distribution; and propagating disruption through the dependency graph based on the seed event; and terminating the respective Monte Carlo simulation when a threshold amount of loss is aggregated among two or more assets of the plurality of assets affected by the disruption is exceeded; assess, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets; and aggregate the losses for the two or more assets of the plurality of assets to determine correlated risk in the network, wherein the dependency graph comprises (i) a plurality of edges representing the relationships between the plurality of assets, the at least one dependency, and the at least one entity and (ii) a plurality of nodes representing the plurality of assets, the at least one dependency, and the at least one entity, and wherein each edge has a conditional probability that the asset on a receiving node of a particular edge, of the plurality of edges, is compromised given that a providing node, of the plurality of nodes, is compromised.

23. A computing apparatus comprising: a processor; and a memory storing instructions that, when executed by the processor, configure the apparatus to: execute, for a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, a plurality of Monte Carlo simulations over a dependency graph that is based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein each of the plurality of Monte Carlo simulations executes by: generating a seed event in the dependency graph, the seed event having a probability distribution; and propagating disruption through the dependency graph based on the seed event; and terminating the respective Monte Carlo simulation when a threshold amount of loss is aggregated among two or more assets of the plurality of assets affected by the disruption is exceeded; assess, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets; and aggregate the losses for the two or more assets of the plurality of assets to determine correlated risk in the network, wherein the dependency graph comprises (i) a plurality of edges representing the relationships between the plurality of assets, the at least one dependency, and the at least one entity and (ii) a plurality of nodes representing the plurality of assets, the at least one dependency, and the at least one entity, and wherein each edge has a conditional probability that the asset on a receiving node of a particular edge, of the plurality of edges, is compromised given that a providing node, of the plurality of nodes, is compromised.
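
The simulation loop described in claims 1 and 21 can be sketched as follows; this is an added illustration, not code from the patent or its inventors. The graph, seed distribution, per-asset loss values, function names and the reading of "statistical variance" as the variance of the mean estimate are all assumptions made for the example, and losses are aggregated as a plain sum rather than the nonlinear sum of claim 19.

```python
import random
from collections import deque

# Constructed sample graph (assumption): providing node -> [(receiving node,
# P(receiving node compromised | providing node compromised))].
EDGES = {
    "hosting-A": [("web-1", 0.9), ("web-2", 0.9)],
    "cms-v1": [("web-2", 0.5), ("web-3", 0.5)],
    "web-1": [("api-1", 0.3)],
}
SEED_PROB = {"hosting-A": 0.6, "cms-v1": 0.4}  # constructed seed-event distribution
ASSET_LOSS = {"web-1": 100.0, "web-2": 250.0, "web-3": 50.0, "api-1": 400.0}  # constructed

def run_once(rng, loss_cap):
    """One simulation: draw a seed, propagate along edges, stop once loss_cap is exceeded."""
    seed = rng.choices(list(SEED_PROB), weights=list(SEED_PROB.values()))[0]
    compromised, queue, losses = {seed}, deque([seed]), {}
    while queue:
        node = queue.popleft()
        for receiver, p in EDGES.get(node, []):
            if receiver in compromised or rng.random() >= p:
                continue  # already hit, or this edge did not transmit the disruption
            compromised.add(receiver)
            queue.append(receiver)
            if receiver in ASSET_LOSS:
                losses[receiver] = ASSET_LOSS[receiver]
                if sum(losses.values()) > loss_cap:
                    return losses  # per-run termination on aggregated loss
    return losses

def simulate(runs=20000, loss_cap=600.0, se_target=0.0, seed=7):
    """Return (expected loss per asset, expected aggregated loss, runs executed)."""
    rng = random.Random(seed)
    per_asset = dict.fromkeys(ASSET_LOSS, 0.0)
    total = total_sq = 0.0
    for n in range(1, runs + 1):
        losses = run_once(rng, loss_cap)
        run_loss = sum(losses.values())
        for asset, value in losses.items():
            per_asset[asset] += value
        total += run_loss
        total_sq += run_loss ** 2
        # Optional early stop: variance of the mean estimate at or below a threshold.
        variance_of_mean = (total_sq / n - (total / n) ** 2) / n
        if se_target > 0 and n >= 100 and variance_of_mean <= se_target ** 2:
            break
    return {a: v / n for a, v in per_asset.items()}, total / n, n

if __name__ == "__main__":
    print(simulate())
```

Because `web-2` depends on both `hosting-A` and `cms-v1`, its expected loss reflects two independent seed paths, which is the correlation a per-asset estimate in isolation would miss.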

Patent Metadata

Filing Date

Unknown

Publication Date

April 8, 2025

Inventors

Ethan Geil
Marc Light

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “CORRELATED RISK IN CYBERSECURITY” (12273367). https://patentable.app/patents/12273367